Combined Cyber and Physical Attacks on Maritime Transportation System
Attacks on the maritime transportation system involve a combination of cyber and physical methods, posing significant threats to global commerce. Cyber vulnerabilities, such as hacking security cameras or spreading fake news, can lead to physical intrusions and disruptions. More sophisticated attacks could involve compromising operating systems in ports to facilitate physical assaults. Effective risk assessment is crucial to mitigating these complex threats.
Uploaded on Sep 26, 2024
Presentation Transcript

Combined Cyber and Physical Attacks on the Maritime Transportation System
Fred S. Roberts, Director, Command, Control, and Interoperability Center for Advanced Data Analysis (CCICADA)
Source for all images: Wikimedia Commons

Combined Cyber and Physical Attacks
More than 90% of the world's commerce goes by sea. A great deal of discussion about physical security in the maritime transportation system (MTS). Leads to standards, regulations, etc. Interest in cyber security of MTS has lagged other sectors (banks, power grids, cars, airplanes), but has increased. 2017 cyber attack on Maersk Lines cost the company $200M to $300M due to delays/disruptions. But more sophisticated attacks will be multi-modal. Could lead to more harm. Next big war could start with a cyber attack on the power grid followed by a physical attack. Simple MTS example: hacking into security cameras at a port increases vulnerability to a physical intrusion. Special case: cyber attack as precursor to physical attack, or vice versa. Will present scenarios and discuss risk.

A Simple Example: Fake News
Fake news could be spread via social media. Something is happening at Pier F in the port. Draws first responders to Pier F. Everyone runs to the soccer ball. Actual intent is to attack Pier L, which now may have less protection. Another version: hack into a company's or agency's email system and generate an official-looking report about Pier F.
Illustrative posts shown on the slide: John Smith (@johnsmith), "There is a shooter at Pier F", 2:23 PM, 6 Dec 2017; Tina Jones (@tinajones), "People shot at Pier F", 2:22 PM, 6 Dec 2017.

A Simple Example: Fake News
Another version: Spread news that a celebrity is at Pier F; draw a crowd; then attack the crowd.
Illustrative post shown on the slide: "Justin Bieber is at Pier F".
Image source: Wikimedia Commons

More Sophisticated Attacks on a Port
Cyber attack on operating systems in the port making a following physical attack more likely to succeed:
Shut the gates so people are trapped inside and first responders are trapped outside.
Turn off the lights: make it easier for physical attackers.
Turn off the alarms: make it easier for physical attackers to avoid detection.
Disable the cameras: make it easier to avoid detection.
Interrupt the power supply.
Disable cyber-enabled traffic lights to create traffic jams: emergency vehicles unable to respond to a physical attack.
Hack into emergency communication system and tell first responders to go to a different place.
Spoof TWIC cards or other access control systems to let the bad guys in.
Image credits: seaboardmarine.com, commons.wikimedia.org

Risk Assessment
Many of these seem feasible. But an adversary with this level of sophistication might find it is easier to do a more intrusive physical break-in. Would like to consider threat, vulnerability, and consequence in determining the risk of a given attack scenario. But:
Not many examples (as yet) of cyber attacks on MTS, making threat hard to estimate.
Estimates of probability attack will succeed (vulnerability) are essentially speculation.
Consequences could be large, making it important to be able to estimate probabilities accurately, which is difficult.
We will approach the problem qualitatively.

Risk Assessment
J = joint attack, started with cyber attack A, followed by physical attack B. T = non-joint attack.
Compare probability of success $P_J$ and $P_T$, where $P_J = P_A \times P_{B/A}$ (prob. of success of A times prob. of success of B given A).
Compare costs $K_J$ and $K_T$ of attacks.
Compare consequences $C_J$ and $C_T$ of attacks.
Risk assessment for combined attacks not well developed. FEMA provides guidance about complex, coordinated attacks but these are synchronized and at different locations and risk assessment is very generic. Event tree analysis deals with risk of one natural event triggering another (earthquake triggers landslide).

Disabling Cameras
Consider disabling cameras to make it easier to do a physical attack on a port. Cameras are often add-ons. Thus, $P_A$ is high. $P_{B/A} > P_T$: that is the whole point of a joint attack. If sufficiently large, then $P_J > P_T$. It could be that the cost of the physical attack set up by the cyber attack is less than the cost of the physical attack alone, but in any case $|K_J - K_T|$ is small. Almost surely $C_J > C_T$. Even if $K_J > K_T$, it seems reasonable to conclude that J is of higher risk than T.
Image credit: commons.wikimedia.org

Autonomous Vessels
Autonomous vessels are coming, soon. Such vessels:
Will be programmed to decide where to go.
Will be tracked and monitored using diagnostics from HQ.
Will put out a problem message if unable to solve a problem, resulting in HQ sending instructions on where to go for repair.
Do we trust the technological solutions so such vessels can go alone on the seas? Could a hacker take over the HQ computer and instruct the vessel to go to a place where it could be boarded by attackers?
Image: Rolls Royce Autonomous Ship Concept. Credit: Rolls Royce, iecetech.org

Autonomous Vessels
Could a hacker attack a vessel control system through a HQ computer and disable a sensor designed to identify increasing temperature, pressure, or hazardous gas? (This is A.) Leading to an explosion. (This is B.) Not farfetched. Stuxnet is a malicious computer worm that targets industrial computer systems. It put a virus into a controller running centrifuges and damaged them, causing substantial damage to Iran's nuclear program. Not the same, but: Naval Dome has demonstrated ability to penetrate a vessel's machinery control system and stop valves and pumps from working.
Image credits: militaryaerospace.com, en.wikipedia.org

Autonomous Vessels
Compare J to an attack T where a physical attack X disables a sensor leading to an explosion B. It is likely that $P_{B/A}$ and $P_{B/X}$ are similar. $P_A$ may be quite a bit higher than $P_X$. $K_J$ might also be much less than $K_T$. $C_J$ and $C_T$ are likely to be similar. This suggests that the risk of there being a joint attack J is higher, and maybe considerably higher, than the risk of the attack T.
Image credit: Rolls Royce

Pirates and Cargo
Pirates have been reported to have hacked into a cargo management system and identified where on a vessel valuable cargo is located. This enabled them to make a very fast and efficient raid on a vessel, going right to the container of interest. How feasible is this?
Credit for both images: commons.wikimedia.org

Pirates and Cargo
Hacking into a cargo handling system is feasible. Port of Antwerp is one of the world's biggest. 2011-2013: Hackers infiltrated computers connected to the Port of Antwerp, located specific containers, made off with their smuggled drugs and deleted the records. Attackers obtained remote access to the terminal systems; released containers to their own truckers without knowledge of the port or the shipping line. Access to port systems was used to delete information as to the existence of the container after the fact.
Source: Reuters 4/23/14, CyberKeel
Image credit: wikipedia.org

Pirates and Cargo
The hackers began by emailing malware to the port authorities and/or shipping companies. After the infection was discovered and a firewall installed to prevent further infections, the criminals broke into the facility housing cargo-handling computers and fitted devices allowing wireless access to keystrokes and screen shots of computer screens. The first part of this was a cyber attack preceding a physical attack (stealing cargo). The second part was a physical attack (breaking in) preceding a cyber attack, which in turn preceded a physical attack (stealing cargo).
Source: Bell 2013, Mulrenan 2014, Woodland Group

Pirates and Cargo
Even if it is feasible to hack into the cargo system and identify containers of interest and their location, how would this help the pirates since it is only the topmost containers they can access? Pen Test Partners have shown that hackers can manipulate the cargo handling system to impact placement of cargo (in their case to cause an imbalance). Compare J to T = board a ship and physically steal cargo. Increasingly, pirates have the sophistication to pull off cyber attacks, so $P_A$ might be relatively high. Still, $P_J$ might be smaller than $P_T$. Even if $P_J$ is less than $P_T$, most likely $K_J$ is not much more than $K_T$, and $C_J$ is much higher than $C_T$. So, again, we conclude that the risk of J is higher than the risk of T.
Image credit: commons.wikipedia.org

Debarking a Cruise Ship
The 2017 attack at the Ariana Grande concert in the Manchester Arena showed that patrons leaving an arena could be vulnerable. What if they were drawn out in a group by hacking into the arena's alarm system or emergency communication system or message board? Disembarking at cruise ship terminals is generally not thought to be very risky. Passengers are released in groups to avoid standing in line at customs. There is good departing security. Terminal operators think you are ok once you leave the dock. But what if a hacker could manipulate an alarm system to get them all to debark at the same time and attack them outside the gates? There is still an under-appreciation of debarking vulnerabilities.
Image: Manchester arena after attack. Credit: en.wikipedia.org, BBC picture

Debarking a Cruise Ship
Could a hacker manipulate a port alarm system (e.g., fire alarm) to get passengers to debark at the same time? That might depend upon whether the alarm system were online. Port fire alarm systems are not too sophisticated. They are designed to operate over a network and push a signal out to a monitoring agency. It might be a challenging hack to get into this system. Physically setting off the fire alarm might be more likely to succeed.
Image credit: commons.wikimedia.org

Debarking a Cruise Ship
Compare a joint cyber and physical attack J that starts with a cyber attack A on an alarm system to a two-part attack that starts with a physical attack X on the alarm system. Each would end with the same physical attack B on debarking passengers. Since $P_A < P_X$ and $P_{B/A}$ and $P_{B/X}$ are similar, we have $P_J < P_T$. It is hard to tell if $K_J < K_T$, but most likely $C_J$ and $C_T$ are close. Because security is trained to tell passengers where to go in case of an alarm, it is likely that neither $C_J$ nor $C_T$ is very large. Thus, neither J nor T has a very high risk, and the risk of J is smaller than the risk of T.
Image credit: Wikimedia Commons

Debarking a Cruise Ship
On the other hand, an adversary might rethink the scenario if they reach a conclusion like this. What if they only did the fire alarm attack, didn't follow with a physical attack, but made a public statement that they have demonstrated their ability to hack into the fire alarm in a port and next time it would be while the vessel was at sea? That alone could lead to significant economic cost to the cruise ship industry. If E is the new one-phase attack, $P_E > P_J$, probably $P_E > P_T$, and $C_E$ might (at least if loss of life is small) be close to $C_T$ and $C_J$. Thus, the risk of E might be higher than the risk of either J or T.
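
The comparisons on the "Disabling Cameras" and "Debarking a Cruise Ship" slides, worked as an added example that is not part of the original presentation: because the slides call the probability estimates essentially speculation, each quantity is entered as a range rather than a point value. Assumptions: all ranges are constructed for illustration, risk is scored as success probability times consequence (the slides compare these only qualitatively), and attack cost K is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interval:
    """Closed range [lo, hi] for a non-negative estimate."""
    lo: float
    hi: float

    def __mul__(self, other):
        # Endpoint products are exact for non-negative ranges
        # (probabilities and consequence scores).
        return Interval(self.lo * other.lo, self.hi * other.hi)

def compare(j, t):
    """'J' or 'T' if one range lies wholly above the other, else 'indeterminate'."""
    if j.lo > t.hi:
        return "J"
    if t.lo > j.hi:
        return "T"
    return "indeterminate"

def assess(p_a, p_b_given_a, p_t, c_j, c_t):
    """Return (verdict on success probability, verdict on risk = P x C)."""
    p_j = p_a * p_b_given_a                      # P_J = P_A x P_{B/A}
    return compare(p_j, p_t), compare(p_j * c_j, p_t * c_t)

def cameras():
    # Constructed ranges: P_A high, P_{B/A} > P_T, C_J > C_T.
    return assess(Interval(0.7, 0.9), Interval(0.5, 0.7),
                  Interval(0.2, 0.4), Interval(8, 10), Interval(4, 6))

def cruise_ship():
    # Constructed ranges: P_A < P_X, P_{B/A} ~ P_{B/X}, C_J ~ C_T, both modest.
    p_t = Interval(0.6, 0.8) * Interval(0.5, 0.7)   # P_T = P_X x P_{B/X}
    return assess(Interval(0.1, 0.3), Interval(0.5, 0.7),
                  p_t, Interval(4, 5), Interval(4, 5))

if __name__ == "__main__":
    print("cameras:    ", cameras())
    print("cruise ship:", cruise_ship())
```

With the camera ranges the success probabilities of J and T overlap, yet J still ranks higher once consequence is included; with the cruise ship ranges T ranks higher on both counts.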

Other Interesting Combined Attacks
Hacking into the Automatic Identification System of a vessel so it doesn't transmit information about a problem, then taking over the vessel and running it aground to block a harbor.
Hacking into the Electronic Chart and Display Information System on a cruise ship, running it aground, and then physically attacking it.
Hacking into the fire alarm system on a cruise ship, having passengers go to boat stations, where they are vulnerable to a physical attack.
Hacking into a drone at a port and landing it on an LNG tank.
And many more.
Images: Queen Mary 2; Communication & Navigation Equipment. Credits: Cunard, iecetech.org; commons.wikimedia.org

Thanks to my Collaborators from CCICADA
Dr. Dennis Egan, Dr. Christie Nelson, Mr. Ryan Whytlaw

Combined Cyber and Physical Attacks on the Maritime Transportation System
For More Information: Dr. Fred Roberts, froberts@dimacs.rutgers.edu; CCICADA Center, www.ccicada.org